支持策略与属性全隐藏的CP-ABE方案
CP-ABE Scheme Supports Fully Policy and Attribute Hidden
姜露寒 1田有亮 1向阿新1
作者信息
- 1. 贵州大学公共大数据国家重点实验室 贵阳 550025;贵州大学计算机科学与技术学院 贵阳 550025;贵州大学密码学与数据安全研究所 贵阳 550025;贵州省密码学与区块链技术特色重点实验室 贵阳 550025
- 折叠
摘要
已有的支持策略或属性隐藏的CP-ABE方案可实现隐私保护的细粒度访问控制,但大部分方案仅实现了关于属性值的部分策略隐藏,且忽略了密钥生成过程的用户属性隐藏问题,仍易造成用户隐私信息泄露.针对上述问题,文中提出了一种完全隐藏访问策略和用户属性的CP-ABE方案,用于数据访问控制和密钥生成过程中的用户隐私信息保护.首先,提出了属性莫顿过滤器(Attribute Morton Filter,AMF),加密阶段将访问策略完全隐藏于AMF中,解密阶段用户可高效查询并精准判断用户属性在策略中的位置;其次,提出了一种基于zk-SNARKs的密钥生成方法,有效隐藏了密钥生成过程中的用户属性;最后,安全性证明及性能分析表明,所提方案在不影响效率的同时具有选择明文攻击下的不可区分性.
Abstract
The existing ciphertext-policy attribute-based encryption schemes that support policy or attribute hiding can achieve fine-grained access control for privacy protection,but most of them only realize partial policy hiding of attribute values,and ignore the problem of hiding user attributes during key generation,which is still prone to user privacy information leakage.To address the above problems,a CP-ABE scheme that fully hides access policy and user attributes for data access control and user privacy information protection during key generation is proposed.Firstly,the attribute Morton filter(AMF)is proposed,in which the ac-cess policy is fully hidden in the AMF during the encryption phase,and the user can efficiently query and accurately determine the position of attributes in the policy during the decrypt phase.Secondly,a zk-SNARKs-based key generation method is developed to effectively conceal the user attributes throughout the key generation process.Finally,security and performance analysis are con-ducted to evaluate the proposed scheme,demonstrating its indistinguishability under chosen-plaintext attack security without compromising efficiency.
关键词
属性基加密/访问策略/用户属性/完全隐藏/属性莫顿过滤器Key words
Attribute-based encryption/Access policy/User attributes/Fully hidden/Attribute Morton filters引用本文复制引用
出版年
2024
NETL
NSTL
万方数据